[OOM][DCAE] Chartmuseum deployment support
Introduction of chartmuseum as internal repo for
ONAP components to push/pull charts post instantiation
+ Script to preload charts to this repo
Change-Id: I4880900548dfe1d3e47a67b3822f82a15314b5b7
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-2630
Issue-ID: OOM-2734
Issue-ID: INT-1895
Issue-ID: DCAEGEN2-2694
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Signed-off-by: vv770d <vv770d@att.com>
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index 91f21ab..95cbd20 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -67,6 +67,15 @@
{{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }}
{{- end -}}
+{{/*
+ Resolve the name of the GithubContainer registry
+ - .Values.global.githubContainerRegistry : default image githubContainerRegistry for all dockerHub images
+ - .Values.githubContainerRegistryOverride : override global githubContainerRegistry on a per chart basis
+*/}}
+{{- define "repositoryGenerator.githubContainerRegistry" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "githubContainerRegistry") .) }}
+{{- end -}}
+
{{- define "repositoryGenerator.image._helper" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
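Review bot: The doc comment on the new `repositoryGenerator.githubContainerRegistry` define was copied from the Docker Hub helper and still says the global value is the default "for all dockerHub images". That is misleading for anyone deciding which registry override applies to a ghcr.io image. Suggested wording: `.Values.global.githubContainerRegistry : default registry for all images pulled from the GitHub Container Registry`. The following define, `repositoryGenerator.image._helper`, continues outside this hunk and is not reviewed here.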
@@ -186,5 +195,17 @@
{{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }}
{{- end }}
{{- end }}
+ {{- if $subchartDot.Values.global.githubContainerRegistryCred }}
+ {{- $ghcrRepo := $subchartDot.Values.global.githubContainerRegistry }}
+ {{- $ghcrCred := $subchartDot.Values.global.githubContainerRegistryCred }}
+ {{- $ghcrMail := default "@" $ghcrCred.mail }}
+ {{- $ghcrAuth := printf "%s:%s" $ghcrCred.user $ghcrCred.password | b64enc }}
+ {{- $ghcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $ghcrRepo $ghcrCred.user $ghcrCred.password $ghcrMail $ghcrAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $ghcrRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $ghcrRepoCreds }}
+ {{- end }}
+ {{- end }}
{{- printf "{%s}" $repoCreds | b64enc -}}
{{- end -}}
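Review bot: The `$ghcrRepoCreds` line builds the pull-secret entry with `printf` and hand-written `\"%s\"` quoting, so a user, password or mail value containing `"` or `\` produces invalid or altered JSON in the generated docker config. A missing `user` or `password` is rendered as a printf placeholder rather than failing the render. Passing each field through `toJson` and dropping the literal quotes, e.g. `printf "%s:{\"username\":%s,\"password\":%s,...}" ($ghcrRepo | toJson) ($ghcrCred.user | toJson) ($ghcrCred.password | toJson)`, keeps the document well formed. The block is also entered on `githubContainerRegistryCred` alone, so an empty `githubContainerRegistry` would emit an entry with an empty registry key; guarding on both values avoids that. The context lines suggest the earlier registry blocks use the same pattern, and the enclosing define starts outside this hunk.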
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 8a68f6d..3fdf76d 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -19,6 +19,7 @@
dockerHubRepository: docker.io
elasticRepository: docker.elastic.co
googleK8sRepository: k8s.gcr.io
+ githubContainerRegistry: ghcr.io
# common global images
busyboxImage: busybox:1.32
diff --git a/kubernetes/contrib/tools/registry-initialize.sh b/kubernetes/contrib/tools/registry-initialize.sh
new file mode 100755
index 0000000..75b36bb
--- /dev/null
+++ b/kubernetes/contrib/tools/registry-initialize.sh
@@ -0,0 +1,118 @@
+#!/bin/sh -x
+
+# Copyright (c) 2021 AT&T. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Pre-requisite
+# 1. Chart packages available under local directory provided as input/argument
+# 2. helm client installed with push plugin
+# 3. ONAP chartmuseum service deployed
+
+usage()
+{
+ echo "Chart Base directory must be provided as input!!"
+ echo "Usage: registry-initialize.sh -d chartdirectory \
+<-n namespace override> <-r helmrelease override>"
+ exit 1
+}
+
+if [ $# -eq 0 ]; then
+ usage
+fi
+
+# defaults
+NAMESPACE=onap
+RLS_NAME=onap
+LOGIN=""
+PASSWORD=""
+
+while getopts ":d:n:r:" opt; do
+ case $opt in
+ d) BASEDIR="$OPTARG"
+ ;;
+ n) NAMESPACE="$OPTARG"
+ ;;
+ r) RLS_NAME="$OPTARG"
+ ;;
+ \?) echo "Invalid option -$OPTARG" >&2
+ usage
+ ;;
+ esac
+done
+
+if [ -z "$BASEDIR" ]; then
+ exit "Chart base directory provided $BASEDIR is empty"
+fi
+
+if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then
+ echo "$BASEDIR valid"
+else
+ exit "No chart package on $BASEDIR provided"
+fi
+
+LOGIN=$(kubectl -n "$NAMESPACE" get secret \
+ "${RLS_NAME}-chartmuseum-registrycred" \
+ -o jsonpath='{.data.login}' | base64 -d)
+
+PASSWORD=$(kubectl -n "$NAMESPACE" get secret \
+ "${RLS_NAME}-chartmuseum-registrycred" \
+ -o jsonpath='{.data.password}' | base64 -d)
+
+if [ -z "$LOGIN" ] || [ -z "$PASSWORD" ]; then
+ echo "Login/Password credential for target registry cannot be retrieved"
+ exit 1
+fi
+
+# Expose cluster port via port-forwarding
+kubectl -n $NAMESPACE port-forward service/chart-museum 27017:80 &
+if [ $? -ne 0 ]; then
+ echo "Error in portforwarding; registry cannot be added!!"
+ exit 1
+fi
+
+sleep 5
+
+# Add chartmuseum repo as helm repo
+# Credentials should match config defined in
+# oom\kubernetes\platform\components\chartmuseum\values.yaml
+helm repo add k8s-registry http://127.0.0.1:27017 --username "$LOGIN" \
+ --password "$PASSWORD"
+if [ $? -ne 0 ]; then
+ echo "registry cannot be added!!"
+ pkill -f "port-forward service/chart-museum"
+ exit 1
+fi
+
+# Initial scope is pushing only dcae charts
+# can be expanded to include all onap charts if required
+for file in $BASEDIR/dcae*tgz; do
+ # use helm plugin to push charts
+ helm push $file k8s-registry
+ if [ $? -eq 0 ]; then
+ echo "$file uploaded to registry successfully"
+ else
+ echo "registry upload failed!!"
+ pkill -f "port-forward service/chart-museum"
+ helm repo remove k8s-registry
+ exit 1
+ fi
+done
+
+echo "All Helm charts successfully uploaded into internal repository"
+
+# Remove the port-forwarding process
+pkill -f "port-forward service/chart-museum"
+
+# Remove helm registry from local
+helm repo remove k8s-registry
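Review bot: The `-x` on the shebang traces every command, so the `LOGIN=`/`PASSWORD=` assignments and the `helm repo add ... --password "$PASSWORD"` line print the chartmuseum credentials to stderr and to any log that captures it. Drop `-x`, and if the installed helm supports `--password-stdin`, feed the password on stdin so it does not appear in the process list either. Two correctness problems sit next to this: both `exit "..."` calls pass a message where `exit` needs a numeric status, and `$?` after `kubectl ... port-forward ... &` only reports that the background job was started, so that error branch never fires. `$BASEDIR` and `$file` are also unquoted in `find`, the `for` glob and `helm push`, which breaks on paths with spaces. The fence below sketches the guards, a PID-based liveness check and a cleanup trap in place of the repeated `pkill -f`.

```shell
#!/bin/sh
# … unchanged: license header, usage(), defaults, getopts loop …
if [ -z "$BASEDIR" ]; then
  echo "Chart base directory must be provided" >&2
  exit 1
fi

if [ -z "$(find "$BASEDIR" -maxdepth 1 -name '*tgz' -print -quit)" ]; then
  echo "No chart package found in $BASEDIR" >&2
  exit 1
fi
# … unchanged: LOGIN/PASSWORD lookup from the cluster secret …

kubectl -n "$NAMESPACE" port-forward service/chart-museum 27017:80 &
PF_PID=$!
# Stop only the forward started here, on every exit path.
trap 'kill "$PF_PID" 2>/dev/null' EXIT

sleep 5
if ! kill -0 "$PF_PID" 2>/dev/null; then
  echo "Error in portforwarding; registry cannot be added!!" >&2
  exit 1
fi
# … unchanged: helm repo add, push loop (quote "$file"), helm repo remove …
```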
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
index f4516ed..a26c663 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
@@ -87,8 +87,7 @@
name: http
# Policy configuraiton properties
-# if present, policy-sync side car will be deployed
-
+# if enabled, policy-sync side car will be deployed
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
#policies:
# duration: 300
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index d91284a..a3d67c2 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -47,7 +47,7 @@
dockerHubRepository: &dockerHubRepository docker.io
elasticRepository: &elasticRepository docker.elastic.co
googleK8sRepository: k8s.gcr.io
-
+ githubContainerRegistry: ghcr.io
#/!\ DEPRECATED /!\
# Legacy repositories which will be removed at the end of migration.
diff --git a/kubernetes/platform/components/chartmuseum/Chart.yaml b/kubernetes/platform/components/chartmuseum/Chart.yaml
new file mode 100644
index 0000000..1aa8d92
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/Chart.yaml
@@ -0,0 +1,21 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Chart Museum
+name: chartmuseum
+version: 8.0.0
diff --git a/kubernetes/platform/components/chartmuseum/requirements.yaml b/kubernetes/platform/components/chartmuseum/requirements.yaml
new file mode 100644
index 0000000..07ac4b4
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/requirements.yaml
@@ -0,0 +1,29 @@
+#============LICENSE_START========================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
new file mode 100644
index 0000000..cc07f27
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
@@ -0,0 +1,83 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 7 | trim}}
+ initContainers:
+ - name: volume-permissions
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: chart-persistent
+ mountPath: "/chartmuseum-persist"
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 12 | trim }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.liveness.path }}
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ env:
+ - name: STORAGE
+ value: local
+ - name: STORAGE_LOCAL_ROOTDIR
+ value: "/chartmuseum-persist"
+ - name: BASIC_AUTH_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "login") | indent 14 }}
+ - name: BASIC_AUTH_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "password") | indent 14 }}
+ volumeMounts:
+ - mountPath: /chartmuseum-persist
+ name: chart-persistent
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: chart-persistent
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
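Review bot: The `volume-permissions` initContainer runs with `runAsUser: 0` and no further restriction, solely to `chown -R` the chart volume. If `common.podSecurityContext` already sets an `fsGroup` (not visible in this hunk), the kubelet can manage ownership for volume types that support it and the root container could be dropped. Otherwise add `allowPrivilegeEscalation: false` under that `securityContext` and drop the capabilities the chown does not need. Separately, only a `livenessProbe` is defined, so the Service can route traffic before chartmuseum is listening; a `readinessProbe` on the same `.Values.liveness.path` would cover that. The image is also resolved by tag through `.Values.image`; pinning it by digest would make the pulled content verifiable.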
diff --git a/kubernetes/platform/components/chartmuseum/templates/pv.yaml b/kubernetes/platform/components/chartmuseum/templates/pv.yaml
new file mode 100644
index 0000000..a05ebfb
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/templates/pv.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.PV" . }}
\ No newline at end of file
diff --git a/kubernetes/platform/components/chartmuseum/templates/pvc.yaml b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml
new file mode 100644
index 0000000..2bd21dd
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml
@@ -0,0 +1,19 @@
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.PVC" . }}
\ No newline at end of file
diff --git a/kubernetes/platform/components/chartmuseum/templates/secret.yaml b/kubernetes/platform/components/chartmuseum/templates/secret.yaml
new file mode 100644
index 0000000..c8fbd04
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/templates/secret.yaml
@@ -0,0 +1,21 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/platform/components/chartmuseum/templates/service.yaml b/kubernetes/platform/components/chartmuseum/templates/service.yaml
new file mode 100644
index 0000000..40aaa73
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/templates/service.yaml
@@ -0,0 +1,20 @@
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/platform/components/chartmuseum/values.yaml b/kubernetes/platform/components/chartmuseum/values.yaml
new file mode 100644
index 0000000..05a8b15
--- /dev/null
+++ b/kubernetes/platform/components/chartmuseum/values.yaml
@@ -0,0 +1,97 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Global values
+global:
+ pullPolicy: Always
+ persistence: {}
+ githubContainerRegistry: ghcr.io
+image: helm/chartmuseum:v0.13.1
+containerPort: &cont_port 8080
+
+
+# Secrets Configuration.
+secrets:
+ - uid: registrycred
+ type: basicAuth
+ login: '{{ .Values.registryCred.username }}'
+ password: '{{ .Values.registryCred.password }}'
+ passwordPolicy: required
+
+
+# service configuration
+service:
+ type: ClusterIP
+ name: chart-museum
+ ports:
+ - port: 80
+ internal_port: *cont_port
+ name: &port http
+
+chartsMap:
+ directory: "/charts/components/"
+
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ path: /health
+ port: *port
+ enabled: true
+
+# Below parameter should match setting in all clients
+# including contrib\tools\registry-initialize.sh
+# which does preload
+registryCred:
+ username: onapinitializer
+ password: demo123456!
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: chartmuseum/data
+ volumeReclaimPolicy: Retain
+
+
+serviceAccount:
+ nameOverride: chartmuseum
+ roles:
+ - read
+
+securityContext:
+ user_id: 2000
+ group_id: 3000
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
\ No newline at end of file
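Review bot: `registryCred.password: demo123456!` ships a fixed, publicly known credential as the chart default. Because a value is always present, `passwordPolicy: required` on the `registrycred` secret presumably never forces an operator to supply their own. These credentials gate pushes to the repository that ONAP components later pull charts from, so an un-overridden install leaves that supply path protected by a password anyone can read in this file. Leave `password` unset so that install fails without an override, or switch to a generated password if the common secret template supports one; `registry-initialize.sh` in this commit already reads login and password from the cluster secret, so no client needs the literal. The service is also exposed on port 80 with basic auth, so the credentials cross the cluster network in cleartext unless TLS is added elsewhere.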
diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml
index 84ad7f8..ce33101 100644
--- a/kubernetes/platform/requirements.yaml
+++ b/kubernetes/platform/requirements.yaml
@@ -22,3 +22,6 @@
- name: cmpv2-cert-provider
version: ~8.x-0
repository: 'file://components/cmpv2-cert-provider'
+ - name: chartmuseum
+ version: ~8.x-0
+ repository: 'file://components/chartmuseum'
\ No newline at end of file